From cac429e0a75667c021782210045c8e365f5cc8b0 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Thu, 29 Oct 2015 14:12:22 +0300
Subject: [PATCH] test: add test for capability bounding set parsing

Cherry-picked from: a8107a54
Resolves: #1387398
---
 src/test/test-unit-file.c | 45 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c
index 0384305051..0f00a8fff1 100644
--- a/src/test/test-unit-file.c
+++ b/src/test/test-unit-file.c
@@ -24,6 +24,7 @@
 #include <stdio.h>
 #include <stddef.h>
 #include <string.h>
+#include <sys/capability.h>
 #include <unistd.h>
 #include <fcntl.h>
 
@@ -545,6 +546,9 @@ static void test_install_printf(void) {
         expect(i4, "%U", "0");
 }
 
+static uint64_t make_cap(int cap) {
+        return ((uint64_t) 1ULL << (uint64_t) cap);
+}
 
 static void test_config_parse_rlimit(void) {
         struct rlimit * rl[_RLIMIT_MAX] = {};
@@ -661,6 +665,46 @@ static void test_config_parse_rlimit(void) {
         free(rl[RLIMIT_RTTIME]);
 }
 
+static void test_config_parse_bounding_set(void) {
+        /* int config_parse_bounding_set(
+                 const char *unit,
+                 const char *filename,
+                 unsigned line,
+                 const char *section,
+                 unsigned section_line,
+                 const char *lvalue,
+                 int ltype,
+                 const char *rvalue,
+                 void *data,
+                 void *userdata) */
+        int r;
+        uint64_t capability_bounding_set_drop = 0;
+
+        r = config_parse_bounding_set(NULL, "fake", 1, "section", 1,
+                              "CapabilityBoundingSet", 0, "CAP_NET_RAW",
+                              &capability_bounding_set_drop, NULL);
+        assert_se(r >= 0);
+        assert_se(capability_bounding_set_drop == ~make_cap(CAP_NET_RAW));
+
+        r = config_parse_bounding_set(NULL, "fake", 1, "section", 1,
+                              "CapabilityBoundingSet", 0, "CAP_NET_ADMIN",
+                              &capability_bounding_set_drop, NULL);
+        assert_se(r >= 0);
+        assert_se(capability_bounding_set_drop == ~(make_cap(CAP_NET_RAW) | make_cap(CAP_NET_ADMIN)));
+
+        r = config_parse_bounding_set(NULL, "fake", 1, "section", 1,
+                              "CapabilityBoundingSet", 0, "",
+                              &capability_bounding_set_drop, NULL);
+        assert_se(r >= 0);
+        assert_se(capability_bounding_set_drop == ~((uint64_t) 0ULL));
+
+        r = config_parse_bounding_set(NULL, "fake", 1, "section", 1,
+                              "CapabilityBoundingSet", 0, "~",
+                              &capability_bounding_set_drop, NULL);
+        assert_se(r >= 0);
+        assert_se(capability_bounding_set_drop == (uint64_t) 0ULL);
+}
+
 int main(int argc, char *argv[]) {
         int r;
 
@@ -670,6 +714,7 @@ int main(int argc, char *argv[]) {
         r = test_unit_file_get_set();
         test_config_parse_exec();
         test_config_parse_rlimit();
+        test_config_parse_bounding_set();
         test_load_env_file_1();
         test_load_env_file_2();
         test_load_env_file_3();